FAP is a company that slaughters animals and turns their skin into overpriced products which are then sold to rich bastards! Help animal rights activists increase political awareness by hacking their mailing list.

How would a database engine know what the data it is holding is for? No chance. Therefore, you don't request email, you request data. String to be more precise. As you probably/hopefully have programmed before, you should start thinking about what stuff strings can be used for. Also, think a bit about what is the output of a PHP script.

Before, you have put the actual query string you tried to execute here. That one contained a semicolon. Semicolon is for terminating a query (and maybe starting another one, but this does not work for LAMP/WIMP/etc). This means that you actually tried to terminate the MySQL query and append a second one. That just won't go. You have to use a single query. Try looking up how multiple tables in a single query can be read. I'd suggest the MySQL documentation. Quite a lot, but hey, we're here to learn, aren't we?

Another thing to consider: again, <img> tag.

Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.

then 2 and 3 are vulnerable, then I replace them by SOMETHING to get INFORMATION but instead I get a blank page in which there is a little broken image. WHY????

can you respond, please, by BECAUSE ...... and you explain to me

I saw the technique of injection of vulnerable columns in more than 50 articles and 20 videos. I understand it, and when I used it in this challenge, half of it was true and gave me the vulnerable columns, but the other half gives me only a broken image, exactly when I replace the vulnerable columns by something. I want to know WHY

as for the other half, I appreciate a lot your explanation about the semicolon and it was useful for me, but you said too: "How would a database engine know what the data it is holding is for? No chance. Therefore, you don't request email, you request data. String to be more precise"

"How would a database engine know what the data it is holding is for?" is not needed to solve the challenge. All that I can say is that the types of data stored in a database are either literal constants, integers, booleans or float points, and the database engine, as software that stores, retrieves and secures data in a database, is programmed to know about the type of data in the database, but this is useless for now, because if you want a student to learn about addition in math and you give him a hint about how to solve a polynomial using addition, it will be only misleading information that makes the thing very complicated for him without helping him to progress and improve

"Therefore, you don't request email, you request data. String to be more precise" is as if you tell me "hey, you are in www.hackthissite.org". I know that I should request data, and email is a sort of data that can be stored in a database, so you did not tell anything special that helps to understand the mechanism of the SQL command used to solve the challenge

you did not respond to this question too

if so, then how come that in my command I request the email address from the email list but I get images????? the answer is BECAUSE+EXPLANATION. another thing that is very very important and I did not find any reply from you about it: if when I put a request for email I get photos, this means that my syntax is true. why??? because if my syntax was wrong it would redirect me to a white blank page with a little broken photo, and a lot of times I put a wrong command and it took me to that blank page, so why do I get instead all the data gathered in one page (category1+2)? WHY? you did not answer this question too

do you want me to be sincere with you, and with all my respect to you: I learn nothing from what you post to me, 2) you did not help, you make me more lost, and every time you answer me, you lack precision, you ignore the majority of my questions and you answer few of them, and when you answer, your answers are ambiguous, you send me to learn about things that are general and have nothing to do with the essence of the challenge, and sorry, I do not understand your English very well (punctuation, some syntax and grammatical issues). I hope you understand and I hope someone can help me by responding WITH PRECISION about my problems, and thanks

First, you seem to misunderstand the concept of SQLi. There is no such thing as 'vulnerable column'. There is a vulnerable script which makes calls to the database (which in turn may also have some vulnerabilities, but this is out of our scope ATM). The erratic mechanism of the script can be exploited to work in your favor and retrieve such data from the database that it is otherwise not intended to.

Second, and again, you don't request for an email, nor an image. Therefore there is no 'how come they're image?'. In a database there is no such thing as an image. You request for a string that's called e-mail, however, the database won't know its purpose. So you've got a string that may be used for several purposes as I mentioned earlier. Your username is a string, your password is a string, your avatar URL is a string, etc. So, BECAUSE THE PHP SCRIPT LISTS SOME DATA AS IMAGES. BECAUSE THE ORIGINAL PURPOSE IS TO DISPLAY AN IMAGE, A DESCRIPTION, AND A PRICE RESPECTIVELY.

BTW I just redid the chall and realized that this conversation makes no sense at all since when you do this 'the right way', every e-mail will get displayed twice.

Third, my answers are ambiguous because I avoid giving the solution away. All the things I've pointed you to have quite much to do with the challenge. HTS is not about solving its challenges but to learn these general things via the challenges. If you don't like it, then maybe this site is not for you.

Fourth, English is not my native language, though I'm pretty fine communicating with the majority of users here. You are an exception to this. As you have quite severe gramm/typo/etc issues in your posts too, I don't feel interested in your complaint.

Fifth, and with all my respect to anyone coming here to learn, you behave as if you were either trolling or aiming for an IOTY. At this point, after lots of patience from my side (and probably from others as you got away without being flamed so far quite well) I'd rather not waste more of my time on you.

For a final word of advice, you should either change your attitude radically or head back playing WOW.

Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.

in this message I did not make any infraction, I did not insult, I neither broke the laws of this site nor have I touched its venerability, I expressed what I felt in a literary, democratic way that does not injure anyone, so I respect all the genius administrators in this site. I want to learn how to solve these challenges and become an efficient member, but if I get banned after this message I can not do anything. this site is very instructive and good, but if I am banned I will find another site and so on. conscience said: "There is no such thing as 'vulnerable column'". you think I invented this from my head??? so let's see

For this we have to replace one of the vulnerable columns with “ version() “ or “@@version”

and so on ... I can put 100 articles for you to read ...

and you say: "There is no such thing as 'vulnerable column'" in SQL injection. look at you, you are here since 2009 in hackthissite, you have more than 3 years of experience and maybe 10 years (in comparison with me who has only 2 months and 10 days) and you do not even know about "vulnerable columns" and even what they are, and you come to show me how I solve this challenge. you would better show yourself, I know better than you

2) "There is a vulnerable script which makes calls to the database (which in turn may also have some vulnerabilities, but this is out of our scope ATM). The erratic mechanism of the script can be exploited to work in your favor and retrieve such data from the database that it is otherwise not intended to". nothing special in all this, this is what SQL is intended to do

3) "BECAUSE THE PHP SCRIPT LISTS SOME DATA AS IMAGES. BECAUSE THE ORIGINAL PURPOSE IS TO DISPLAY AN IMAGE, A DESCRIPTION, AND A PRICE RESPECTIVELY." this is instructive, and now what you said is useful, so you give me new information and I appreciate it, but if "BECAUSE THE PHP SCRIPT LISTS SOME DATA AS IMAGES", so how do I get the e-mail lists from these images

4) "BTW I just redid the chall and realized that this conversation makes no sense at all since when you do this 'the right way', every e-mail will get displayed twice".

if I knew how to do it the "right way", I would not come here to ask for help

5) you said: "Third, my answers are ambiguous because I avoid giving the solution away. All the things I've pointed you to have quite much to do with the challenge." you are not even able to understand the difference between "ambiguous" and "evocative". ambiguous is uncertain and doubtful, go and learn English before you come to talk with me, a hint must be "evocative", not ambiguous

6) you said "HTS is not about solving its challenges but to learn these general things via the challenges. If you don't like it, then maybe this site is not for you."

I am here to solve these challenges THROUGHOUT learning HOW TO SOLVE THEM, learning is not an end but a means, and this is the difference between you and me: I precise my words and my thoughts, you do not. this is one of the reasons that explains why in 2 months I learn what you learned in 3 years. another thing to say is, if I want to learn I would not come to this site, I can go to google and learn from it and that is all. I am here to solve the challenges, all of them with no exception

7) you said "Fourth, English is not my native language, though I'm pretty fine communicating with the majority of users here. You are an exception to this. As you have quite severe gramm/typo/etc issues in your posts too, I don't feel interested in your complaint."

my English is bad too, I do not say the contrary, but yes, your English is the worst and I do not care about the others, I care only about myself, how I feel toward you, and I am not complaining to you, you are not a psychologist. you do not impress me as I consider that your level is not higher than mine in hacking, I know better than you, and always remember that no one called you to help me, you came alone from the beginning of my inscription and you exposed your services, I did not call you

do not even dare to decide what I should do and especially do not threaten me, and do not engage others (and probably from others as you got away without being flamed so far quite well), I have no problem with others, be a man and do not impose others, this concerns only you and me

"I'd rather not waste more of my time on you." no one calls you to give your PRECIOUS time to me, you come by yourself. I do not like you, I do not want that you waste your time with me, I learn nothing from you and you are easily provoked, and you are not even qualified to help me

I am still stuck in this challenge and until now I did not get can the expert administrators in this site push me in the right direction by giving of course a hint

I figure out the vulnerable columns 2 and 3, 3 is in bold because it is the most vulnerable, then I tried to find the table name and the column name by using these two commands. to find the table name I used this command

Edited Out

but all I get is a blank page with a little broken image

I used this command to find the column names too

Edited

and I get the same result

I am stuck, I read all the forum, googled a lot but without result

until now no one has responded to me. I do not understand why none of the administrators helps me

if I am not allowed to get an answer to my questions, so at least let me know this, but please do not ignore my answers. I am really stuck more than 1 week in this problem. best regards for the administrators of this site, a very unique site and very instructive, and thanks

strongard wrote:I am still stuck in this challenge and until now I did not get can the expert administrators in this site push me in the right direction by giving of course a hint

I figure out the vulnerable columns 2 and 3, 3 is in bold because it is the most vulnerable, then I tried to find the table name and the column name by using these two commands. to find the table name I used this command

Edited Out

but all I get is a blank page with a little broken image

I used this command to find the column names too

Edited

and I get the same result

I am stuck, I read all the forum, googled a lot but without result

until now no one has responded to me. I do not understand why none of the administrators helps me

if I am not allowed to get an answer to my questions, so at least let me know this, but please do not ignore my answers. I am really stuck more than 1 week in this problem. best regards for the administrators of this site, a very unique site and very instructive, and thanks

Posting like a whining baby will get you no help. I've seen people give advice only for you to respond like a douche. I don't think this website is for you. You don't want hints, you want the answers. I'll look forward to you not shitting up the forums any longer.

Is this mission broken? I used an SQL code but all it brought up was a broken image. When I checked the source, it said it was ".jpg" and when I clicked the link in the source (normally bringing up an image) it sent me to the source of the would be error page that said that the link was invalid. Is it broken or am I not using the right code?

So you got 0 hits, which means your addition returned false. I'd suggest to edit your post, because - as it is pointed out by Enzime59 - it is spolish. Also, knowing how many emails the table has will take you nowhere. You'll need to find out the number of columns instead, since the MySQL command you need to use to 'concatenate' two queries (of the same kind) will require you to give a second query asking for exactly the same number of columns as the first one.

Finding out which command to use and how many columns to query is up to you.
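
Added example, not part of the thread and not the challenge's code: a small model of the listing script discussed above, showing why the database only hands back strings that the page template then renders as image, description and price, and how type validation plus a bound parameter closes the hole. It uses Python's sqlite3 as a stand-in for PHP/MySQL; the table, column names, sample rows and the error page are assumptions made for illustration.

```python
import re
import sqlite3
from html import escape

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (category INTEGER, image TEXT, descr TEXT, price TEXT);
        INSERT INTO products VALUES (1, 'coat.jpg', 'Coat', '900');
        INSERT INTO products VALUES (2, 'bag.jpg', 'Bag', '400');
    """)
    return db

ERROR_PAGE = '<img src="">\n'  # assumed error path: blank page, broken image

def render(rows):
    # The database only returns strings. It is this template that puts
    # column 1 into <img src>, so non-URL text there shows as a broken image.
    return "".join(
        '<img src="%s"> %s %s\n' % tuple(escape(str(c)) for c in row)
        for row in rows
    )

def list_vulnerable(db, category):
    # Before: request text is concatenated into the statement.
    sql = "SELECT image, descr, price FROM products WHERE category = " + category
    try:
        return render(db.execute(sql).fetchall())
    except (sqlite3.Error, sqlite3.Warning):
        # A second statement after ';' is refused by a single-statement API.
        return ERROR_PAGE

def list_hardened(db, category):
    # After: validate the type, then bind the value instead of concatenating.
    if not re.fullmatch(r"[0-9]{1,9}", category):
        return ""
    sql = "SELECT image, descr, price FROM products WHERE category = ?"
    return render(db.execute(sql, (int(category),)).fetchall())

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1", "1; SELECT 1"):
        print(repr(value), "->",
              list_vulnerable(db, value).count("<img"), "img tag(s) vulnerable,",
              list_hardened(db, value).count("<img"), "hardened")
```
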